#!/usr/bin/env python
import pygeoip
from scapy.all import *
gi = pygeoip.GeoIP('/opt/GeoIP/GeoIP.data')
def retGeoStr(ip_src):
try:
rec = gi.record_by_name(ip_src)
city = rec['city']
country = rec['country_name']
if city !=None :
print (ip_src +':'+ country +':'+ city)
except Exception as e:
return 'Unregistered'
def anspkt(pkt):
if pkt.haslayer(IP):
ip_src = pkt.getlayer(IP).src
retGeoStr(ip_src)
def main():
sniff(iface='eth0',prn=anspkt,store=0)
#sinff這裏可以增加過濾條件,如filter='tcp and port 80',即是隻抓取tcp 80端口的數據
if __name__ == '__main__':
main()運行結果如下:
